Vulnerability in your VMs – VMware Tools Update
Recently, worrying news has emerged about vulnerabilities sitting quietly inside our VMware VMs. The thought of an attacker hacking into our infrastructure from within our own virtual machines is a chilling one. Moreover, it's not just Windows VMs that are affected; Linux VMs are also in the crosshairs.
Keeping VMware Tools updated is crucial, and it's equally important to stay on top of your ESXi patches. The vulnerability, tracked as CVE-2025-22247, has left many of us questioning the security of our virtual environments. As I return from a brief hiatus, focusing on other projects outside of IT and virtualization, I'm now back to tackle this pressing issue.
The latest vulnerability is present in VMware Tools, and its open-source implementation, open-vm-tools, is also affected. open-vm-tools, the native Linux alternative to VMware Tools, has been a topic of discussion on our blog for quite some time now. Because this vulnerability affects both VMware Tools and open-vm-tools, Linux VMs are at risk as well.
The vulnerability was discovered by Sergey Bliznyuk from Positive Technologies. It allows an attacker with non-administrative rights on a guest VM to tamper with local files, triggering insecure file operations within that VM. VMware has rated the severity of this issue as Moderate, with a maximum CVSSv3 base score of 6.1.
Known Attack Vectors and Resolution
A malicious actor with non-administrative privileges on a guest VM may exploit this vulnerability by tampering with local files to trigger insecure file operations within that VM.
To remediate CVE-2025-22247, apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' found below. It's essential to note that these patches are only available on the Broadcom website, and you can find all the necessary information there.
The fixed VMware Tools version is labeled 12.5.2. Linux vendors will distribute the updates for users, and fixed versions may differ depending on the Linux distribution version and the distribution vendor.
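The check below is an added example, not code from this article or from VMware: it classifies the version string a guest reports against the fixed release 12.5.2 named above. It assumes `vmware-toolbox-cmd -v` prints a string beginning with major.minor.patch; because distributions may ship the fix under a different open-vm-tools version, treat NEEDS-UPDATE on a distro package as a prompt to check the vendor's advisory.

```shell
#!/bin/sh
# Added example: compare a VMware Tools / open-vm-tools version string with
# the fixed release named in the article.
FIXED="12.5.2"

# Extract "major minor patch" from a string such as "12.4.5.1234 (build-1)".
# Prints nothing when the input does not contain major.minor.patch.
parse_version() {
    printf '%s\n' "$1" |
        sed -n 's/^[^0-9]*\([0-9][0-9]*\)\.\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2 \3/p'
}

# Return 0 if version $1 is older than $2, 1 if not, 2 if either is unparsable.
version_lt() {
    # Unquoted on purpose: split each parsed version into three arguments.
    set -- $(parse_version "$1") $(parse_version "$2")
    [ "$#" -eq 6 ] || return 2
    [ "$1" -ne "$4" ] && { [ "$1" -lt "$4" ]; return; }
    [ "$2" -ne "$5" ] && { [ "$2" -lt "$5" ]; return; }
    [ "$3" -lt "$6" ]
}

# Print NEEDS-UPDATE, OK or UNKNOWN for a reported version string.
classify_tools() {
    rc=0
    version_lt "$1" "$FIXED" || rc=$?
    case "$rc" in
        0) echo "NEEDS-UPDATE" ;;
        1) echo "OK" ;;
        *) echo "UNKNOWN" ;;
    esac
}

# On a guest with the tools installed, classify the live version.
if command -v vmware-toolbox-cmd >/dev/null 2>&1; then
    classify_tools "$(vmware-toolbox-cmd -v)"
fi
```
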
Acknowledgements
VMware would like to extend its gratitude to Sergey Bliznyuk of Positive Technologies for reporting this issue to us. Their diligence in identifying this vulnerability is commendable, and we appreciate their efforts in ensuring the security of our virtual environments.
Where to get the fixes from
You can find all the necessary information on patches and updates for VMware Tools on the Broadcom website. Make sure to regularly check for the latest vulnerabilities and patch your infrastructure accordingly.
Moreover, it's essential to remember that threats from attackers are ongoing, and zero-day vulnerabilities pose a significant risk. However, most hacks occur due to IT managers not patching their infrastructure frequently enough or failing to apply patches across the board. Therefore, it's crucial to keep your VMware Tools up to date and ensure that your virtual environments are secure.